<?php
/*
$url_last = $_SERVER['HTTP_REFERER'];
if (strstr($url_last, "&msg")) {
	$url_last = rtrim ($url_last, "123456789");
	$url_last = str_replace("&msg=", "", $url_last);
}
*/

// Adding a comment 
		if (($action == "add") && ($section == "comments")) {
		if ($_POST['comment'] != "")  {
			$insertSQL = sprintf("INSERT INTO comments (cid, uid, tableName, rid, changes, comment) VALUES (%s, %s, %s, %s, %s, %s)", 
			GetSQLValueString($cid, "int"),
			GetSQLValueString($_POST['uid'], "int"),
			GetSQLValueString($dbTable, "text"),
			GetSQLValueString($_POST['rid'], "text"),
			GetSQLValueString($_POST['changes'], "text"),
			GetSQLValueString($_POST['comment'], "text")
			);
			mysql_select_db($database, $connection);
  			$result1 = mysql_query($insertSQL, $connection) or die(mysql_error());
			
			//$insertGoTo = "../index.php?section=view_proposal&cid=$cid&go=$dbTable&msg=6";
			header(sprintf("Location: %s", $insertGoTo."&msg=3"));
			//echo $insertSQL."<br>".$insertGoTo;
			}
		else { $url_last .= "&msg=1"; header(sprintf("Location: %s", $url_last)); }
		}
		
// Editing a comment 
		if (($action == "edit") && ($section == "comments")) {
		if ($_POST['comment'] != "")  {
			$updateSQL = sprintf("UPDATE comments SET cid=%s, uid=%s, tableName=%s, rid=%s, changes=%s, comment=%s WHERE id=%s", 
			GetSQLValueString($cid, "int"),
			GetSQLValueString($_POST['uid'], "int"),
			GetSQLValueString($_POST['tableName'], "text"),
			GetSQLValueString($_POST['rid'], "text"),
			GetSQLValueString($_POST['changes'], "text"),
			GetSQLValueString($_POST['comment'], "text"),
			GetSQLValueString($id, "int")
			);
			mysql_select_db($database, $connection);
  			$result1 = mysql_query($updateSQL, $connection) or die(mysql_error());
			
			//$updateGoTo = "../index.php?section=view_proposal&cid=$cid&go=$dbTable&msg=7";
			header(sprintf("Location: %s", $updateGoTo."&msg=4"));
			//echo $updateSQL."<br>".$updateGoTo;
			}
		else { $url_last .= "&msg=1"; header(sprintf("Location: %s", $url_last)); }
		}
?>